autonomous
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute a shell script at `.claude/hooks/activate-autonomous.sh`.
  - Executing scripts from the local project environment allows for arbitrary code execution on the user's host machine.
  - The script resides in a hidden directory (`.claude/`), which may be overlooked during manual security audits of a repository.
- [PROMPT_INJECTION]: The skill instructs the agent to follow behavioral rules defined in `.claude/rules/operating-mode.md`.
  - Ingestion points: Reads instructions from `.claude/rules/operating-mode.md` (SKILL.md).
  - Boundary markers: None present; the agent is simply told to follow the rules in the file.
  - Capability inventory: Shell command execution via script activation.
  - Sanitization: No validation or sanitization is performed on the content of the rules file before the agent adopts its instructions.
Audit Metadata